OSXS authenticating for other Unices
Dedicated MacNNer
Join Date: Nov 2000
Location: Malaysia
I couldn't see a thread on this, but I was wondering how easy it would be to use the newest OSXS to authenticate users for other Unix OS's, such as HP/UX or Solaris (or even NT/2000).
What I'm thinking is that the user management software on OSXS is better than on other Unices. It could be nice to leverage that for our admin who adds users, then authenticate those people as users on the other systems.
I don't know what kind of options are really available to do this. Does OSXS work with NIS? Does it work as a RADIUS authentication server?
Are there other options available? Like authenticating all HP/UX & OSXS users from win2000 via some technology? I'm much more into the idea of running the authentication on OSXS for everything. It would seem something like that should be possible with the whole management stuff in OSXS, but I have no more info on that.
---gralem
Senior User
Join Date: Jan 2001
Location: Mahwah, NJ USA
I disagree... I have found the user management software for OSXS to really suck... especially Macintosh Manager. Try adding 150 users from a flat text file of userids and passwords. Yes, it is doable, but you have to construct a script to put it into the netinfo database. Other Unices have a tool for this already.
I know OSX can be an NIS client, I don't know about being a server. NIS is not a wise choice anyhow, very insecure. NIS+ would be a better choice but much more complex. I think LDAP would make more sense.
For my MacOS9.x clients I have been using Onguard. It is almost completely insecure but it seems to be the best thing out there for that level of Mac right now. For network shares I have been using netatalk from a Linux server. Nice thing about Linux is it serves all files from the same directory tree (/home) to any authenticated Mac, Windows or Unix client.
-DU-...etc...
MacTroll
Using an LDAP server is probably your best bet. I don't know of any real OSX LDAP servers, but I haven't been looking too hard. The OSX Server manual on Apple's website has a lot of good information about integrating LDAP with OSX. I haven't played too much with getting this to flow down to Mac Manager, but I wouldn't hold my breath.
Also keep in mind that OSX Server can now also have home folders in the same directory for all users on all platforms.
Senior User
Join Date: Jan 2001
Location: Mahwah, NJ USA
There are perl scripts available for migrating NIS, NIS+, netinfo (which is what MM uses) to an LDAP database. That means you could still use MM (dunno why) as a GUI front end management thingy and LDAP to do the real work.
As far as clients go for LDAP on the MacOS platform... I don't know. I have read there is some info on it at: http://www.openldap.org Apparently there is some compatibility with the lookupd daemon and LDAP.
"Also keep in mind that OSX Server can now also have home folders in the same directory for all users on all platforms."
How does it do this? Does it use Samba for Windows clients? What does it use for *nix clients? How does it deal with owner and group permissions on the exported files? How does it deal with MacOS and Windows text file mangling? Do you have any links to someone that is actually doing this or documents that describe the implementation? Is this a feature of their latest release?
I am very interested in this topic because I have a heterogeneous network of ~100 MacOS-9.x clients, hundreds of Windows-9x/NT/2K clients, and dozens of Unix clients (mostly Linux). So far I have found Linux to be the easiest, most secure, most reliable, and certainly the cheapest solution. We spent over USD$1500 for MacOS-X server for a small subnet. For anything other than MacOS-9.x clients it has been a very poor solution. It wasn't all that good for even that. It does webserving OK but why spend that much when I can get the same functionality for nothing?
-DU-...etc...
MacTroll
Your frustration with OSX Server 1.2 is very justified. It was a two trick pony, an Appletalk server and Apache. Not much else. Sure there was netboot and mm but how the hell do you admin the thing? It wasn't a full-fledged version of Unix and it sure as hell wasn't OS9.
However the new version of Server is much different. For $1000 you get a much newer version of Apache complete with WebDAV and SSL support, among other things, a really nice GUI for Appletalk, FTP, NFS, and SaMBa administration, DNS, DHCP, SLPDA in addition to a beefed up MacManager and NetBooting. Plus you get an easier way of setting up NetInfo domains and a way of actually pulling users/groups from an LDAP server.
So in your mixed network you can have Windows clients connect over SMB to a share point, Mac over AFP or NFS and Unix boxes over NFS. Realistically you can set up a working base config in about an hour, including installing the OS on the machine, and never have to touch the command line. The Beta version of the server we have been using for the last few weeks came with an older version of samba. I downloaded 2.2 and it installed without a hitch and the GUI controls still work for it.
As far as authentication you can point an OSX Server's netinfo domain to use an LDAP server as a parent domain and then point your OSX and I believe maybe OS9, if you are using MM, at the OSX Server and the LDAP users and groups will cascade down to all of the machines.
I've got a lab of 8 iMacs that I plan to netboot off of a server using an LDAP server as a parent domain. I'll let you know how it works.
Mac Elite
Join Date: Sep 2000
Location: Canada
Originally posted by utidjian:
Do you have any links to someone that is actually doing this or documents that describe the implementation? Is this a feature of their latest release?
Here's the Admin Guide. Enjoy...
http://download.info.apple.com/Apple...dmin_Guide.pdf
Senior User
Join Date: Jan 2001
Location: Mahwah, NJ USA
To dtriska:
Thanks very much for the link. A proper manual was something sorely missing from the previous version of OS-X... basically there wasn't one, at least not one I could ever find.
To MacTroll:
I would be very interested in how your installation works out. There is another group where I work that will be running a newer MacOS-X server and I will keep tabs on how it works. It remains to be seen how well OSXS will work. I have ALL of the functionality you mentioned already... for "free" with Linux. At this point I do not feel like paying an additional $1000 to be a beta tester for this new version. Not after having spent so much already. I think Apple should have given us "early adopters" a less expensive upgrade option. I can build or buy an additional Linux server at that price or add a complete UPS, DLT drive and media to an existing box. Does the new server support DLT tape backup solutions, what kind of backup solutions are available, does it support UPS? I noticed their new manual makes no mention of UPS, and devotes a few sentences to backups. In my opinion OSXS is just an overpriced toy until it has these basic utilities to make it a complete server solution.
My other major gripe with OSXS is that Apple left me in an almost complete vacuum regarding support. There was no manual... very little documentation. There is the support forum at Apple.com but I found that did not have the answers to my questions (I tried). I asked our Apple rep directly and he did not have any answers at all... nor could he put me in touch with someone who did. I could get no response as to when and how I would get the features and updates that I needed. With Linux I don't have to wait a year... it is already here, actively developed, and I know where it is going. I don't have to wait for Apple to get around to it and charge me $1000 for the pleasure of waiting.
All I can say in favor of OSXS server is that it was stable... I had no crashes within a year of use. Not bad... I did have plenty of problems of MM "losing" its permissions schemes. I had plenty of printer problems under MM (just refused to print). I had numerous other little problems with MM which forced my hand to move to Linux as a solution.
I guess my main complaint is with MM.
-DU-...etc...
Mac Elite
Join Date: Sep 2000
Location: Canada
Originally posted by MacTroll:
Plus you get an easier way of setting up NetInfo domains and a way of actually pulling users/groups from an LDAP server.
[snip]
As far as authentication you can point an OSX Server's netinfo domain to use an LDAP server as a parent domain and then point your OSX and I believe maybe OS9, if you are using MM, at the OSX Server and the LDAP users and groups will cascade down to all of the machines.
I've got a lab of 8 iMacs that I plan to netboot off of a server using an LDAP server as a parent domain. I'll let you know how it works.
How did this go? Did you get the LDAP server working with OS X Server all the way to Macintosh Manager?